Prevent Don't React

Consider this scenario:

Picture this: You’ve spent the last few weeks working on a tribute video for a friend’s 30th wedding anniversary. You collected photos and video clips and edited them together, laying over a soundtrack of their favorite songs. It was a real labor of love.

When you finally finish the project, you go to copy the file onto a DVD and—what the?—a strange message pops up.

“Unfortunately, the files on this computer have been encrypted. You have 96 hours to submit payment to receive the encryption key, otherwise your files will be permanently destroyed.”

You’ve been hit with ransomware. And then you realize that you didn’t back up the anniversary video. In fact, you haven’t backed up any of your files in months. What do you do?

Unfortunately, when it comes to ransomware, once your files are encrypted, there’s not much you can do—besides cut your losses or pay up. And even if you do pay up, there’s a chance you won’t get your files back, so you’re out the files and your cash.

That’s why it’s so important to prevent ransomware attacks from happening in the first place.

Types of ransomwareThe first step in ransomware prevention is to recognize the different types of ransomware you can be hit with. Ransomware can range in seriousness from mildly off-putting to Cuban Missile Crisis severe.

Scareware Okay, yes, it’s called scareware, but in comparison to other types of ransomware—not so scary. Scareware includes rogue security software and tech support scams. You might receive a pop-up message claiming that a bajillion pieces of malware were discovered and the only way to get rid of them is to pay up. If you do nothing, you’ll likely continue to be bombarded with pop-ups, but your files are essentially safe. A quick scan from your security software should be able to clear out these suckers. For simple instructions on how to clean an infected computer,check out our step-by-step guide.

Pro tip: A legitimate antivirus or anti-malware program would not solicit customers in this way.

Screen lockers Upgrade to terror alert orange for these guys. When lock-screen ransomware gets on your computer, it means you’re frozen out of your PC entirely. Upon starting up your computer, a full-size window will appear, often accompanied by an official-looking FBI or U.S. Department of Justice seal saying illegal activity has been detected on your computer and you must pay a fine.

In order to reclaim control of your PC, a full system restore might be in order. If that doesn’t work, you can try running a scan from a bootable CD or USB drive.

Pro tip: The FBI would not freeze you out of your computer or demand payment for illegal activity. If they suspected you of piracy, child pornography, or other cybercrimes, they would go through the appropriate legal channels.

Encrypting ransomware This is the truly nasty stuff. These are the guys who snatch up your files and encrypt them, demanding payment in order to decrypt and redeliver. The reason why this type of ransomware is so dangerous is because once cybercriminals get ahold of your files, no security software or system restore can return them to you. Unless you pay the ransom—they’re gone. And even if you do, there’s no guarantee you can get those files back.

So what should you do about this kind of ransomware? Get out in front of it. “If any attack in the history of malware proves that you need protection in place before an attack happens, encrypting ransomware is it,” says Adam Kujawa, Head of Intelligence at Malwarebytes. “It’s too late once you get infected. Game over.”

Ransomware prevention The first step in ransomware prevention is to invest in awesome cybersecurity. Start with an antivirus with active monitoring and layer on other applications that are specifically designed to thwart advanced malware attacks such as ransomware. These include anti-malware and anti-ransomware programs.

Next, as much as it may pain you, you need to create secure backups of your data on a regular basis. You can purchase USBs or an external hard drive where you can save new or updated files—just be sure to physically disconnect the devices from your computer after backing up, otherwise they can become infected with ransomware, too. Cloud storage is another option, but we recommend using a server with high-level encryption and multiple-factor authentication.

Finally, stay informed. One of the most common ways that computers are infected with ransomware is through social engineering. Educate yourself on how to detect phishing campaigns, suspicious websites, and other scams. And above all else, exercise common sense. If it seems suspect, it probably is.

Wendy Zamora - Content Writer

Masters in Journalism from Stanford, but don't let that fool you. Expert in writing down what other people say and typing it up.

Group Called New World Order Responsible

A CYBER attack that downed popular internet sites including Twitter, Paypal, Netflix and Spotify — by targeting the service that allows users to connect to them — has been US DYN Hack Resolved, US-based DNS provider Dyn says, after hours of outages that spread around the world.

The wave of several distributed denial of service (DDoS) attacks on Dyn began at 1110 GMT on Friday (8pm AEDT on Thursday) and while the outages initially affected only the eastern United States, later users in Europe and Asia reported problems connecting to dozens of major websites.

In a DDoS attack, systems are intentionally flooded with data to slow or stop legitimate users from accessing them. Dyn said it had not received any communication from the attackers and did not know who was responsible, CNBC reported.

A senior US intelligence official told US broadcaster NBC that authorities do not believe the attack was state sponsored, instead identifying it as a case of “internet vandalism”. Dyn told CNBC that Friday’s attacks were “well planned and executed, coming from tens of millions of IP addresses at the same time”.

The attacks were carried out partly through the “internet of things” — physical devices like printers and appliances connected to the internet. The hijacked devices had been infected with malware, Dyn said, according to the report. Dyn’s services are part of the infrastructure of the internet, directing users to its client websites.

Members of a shadowy hacker collective that calls itself New World Hackers claimed responsibility for the attack via Twitter.

They said they organized networks of connected “zombie” computers that threw a staggering 1.2 terabits per second of data at the Dyn-managed servers.

“We didn’t do this to attract federal agents, only test power,” two collective members who identified themselves as “Prophet” and “Zain” told an Associated Press reporter via Twitter direct message exchange. They said more than 10 member participated in the attack. It was not immediately possible to verify the claim.

The collective, named NewWorldHacking on Twitter, has in the past claimed responsibility for similar attacks against sites including ESPNFantasySports.com in September and the BBC on December 31. The attack on the BBC marshalled half the computing power of Friday’s onslaught.

Outages monitor downdetector.com on Saturday showed service back to normal on dozens of affected websites.

Nationwide Hack

New Weapons Used to Disrupt Major Websites

On Friday last week, leading major websites were inaccessible to people across wide portions of the United States. According to the source article on this; a company that manages crucial parts of the internet’s infrastructure said it was under attack. These sources reported sporadic problems reaching several websites, including Twitter, Netflix, Spotify, Airbnb, Reddit, Etsy, SoundCloud and The New York Times.

The company, Dyn, houses servers that monitor and reroute internet traffic. Dyn said it began experiencing what security experts called a distributed denial-of-service attack just after 7 a.m. Reports that many sites were inaccessible started on the East Coast, but spread westward in three waves as the day wore on and into the evening.

In addition, something new to consider along with this attack is specifics about this indicate that it relied on hundreds of thousands of internet-connected devices like cameras, baby monitors, on line security devices, and home routers that have been infected — without their owners’ knowledge — with software that allows hackers to command them to flood a target with overwhelming traffic.

It is also reported that the Federal Bureau of Investigation and the Department of Homeland Security were looking into the incident and all potential causes, including criminal activity and a nation-state attack. According to these reports, Kyle York, Dyn’s chief strategist, said his company and others that host the core parts of the internet’s infrastructure were targets for a growing number of more powerful attacks. “The number and types of attacks, the duration of attacks and the complexity of these attacks are all on the rise,” Mr. York said.

Security researchers have long warned that the increasing number of devices being hooked up to the internet, the so-called Internet of Things, would present an enormous security issues. And the assault on Friday, security researchers say, is only a glimpse of how those devices can be used for online attacks.

Dyn is based in Manchester, N.H., and indicated that it had fended off the assault by 9:30 a.m. But by 11:52 a.m., but found it was again under attack. After fending off the second wave of attacks, Dyn said at 5 p.m. that it was again facing a flood of traffic.

DDoS - A distributed denial-of-service attack, or DDoS, occurs when hackers flood the servers that run a target’s site with internet traffic until it stumbles or collapses under the load. While most web masters, DNS providers, and large server provioning companies are aware these attacks are common, this attack last week provides evidence that there is evidence that they are becoming more powerful, more sophisticated and increasingly aimed at core internet infrastructure providers. Definitely not good news for the average home consumer. Going after companies like Dyn can cause far more damage than aiming at a single website.

The core service provider Dyn, is one of many outfits that host the Domain Name System, or DNS. DNS, which functions as a switchboard for the internet; does translate user-friendly web addresses like fbi.gov into numerical addresses that allow computers to speak to one another. Without the DNS servers operated by internet service providers, the internet could not operate.

In this specific case on Friday, the attack was aimed specifically at the Dyn infrastructure that supports internet connections. While the attack did not affect the websites themselves, it blocked or slowed users trying to gain access to those sites. Mr. York, the Dyn strategist, said in an interview during a lull in the attacks that the assaults on its servers were complex.

“This was not your everyday DDoS attack,” Mr. York said. “The nature and source of the attack is still under investigation.”

A notice from Dyn on its website about the outage:

Later in the day, Dave Allen, the general counsel at Dyn, said tens of millions of internet addresses, or so-called I.P. addresses, were being used to send a fire hose of internet traffic at the company’s servers. He also confirmed that a large portion of that traffic was coming from internet-connected devices that had been co-opted by type of malware, called Mirai.

Dale Drew, chief security officer at Level 3, an internet service provider, found evidence that roughly 10 percent of all devices co-opted by Mirai were being used to attack Dyn’s servers. Just one week ago, Level 3 found that 493,000 devices had been infected with Mirai malware, nearly double the number infected last month.

Mr. Allen added that Dyn was collaborating with law enforcement and other internet service providers to deal with the attacks.

In a recent report, Verisign, a registrar for many internet sites that has a unique perspective into this type of attack activity, reported a 75 percent increase in such attacks from April through June of this year, compared with the same period last year.

The attacks were not only more frequent, they were bigger and more sophisticated. The typical attack more than doubled in size. What is more, the attackers were simultaneously using different methods to attack the company’s servers, making them harder to stop. The most frequent targets were businesses that provide internet infrastructure services like Dyn.

“DNS has often been neglected in terms of its security and availability,” Richard Meeus, vice president for technology at Nsfocus, a network security firm, wrote in an email. “It is treated as if it will always be there in the same way that water comes out of the tap.”

Last month, Bruce Schneier, a security expert and blogger, wrote on the Lawfare blog that someone had been probing the defenses of companies that run crucial pieces of the internet.

“These probes take the form of precisely calibrated attacks designed to determine exactly how well the companies can defend themselves, and what would be required to take them down,” Mr. Schneier wrote. “We don’t know who is doing this, but it feels like a large nation-state. China and Russia would be my first guesses.”

While i may be too early to determine who was behind Friday’s attacks, it is this type of attack that has election officials concerned. They are worried that an attack could keep citizens from submitting votes.

Thirty-one states and the District of Columbia allow internet voting for overseas military and civilians. Alaska allows any Alaskan citizen to do so. Barbara Simons, the co-author of the book “Broken Ballots: Will Your Vote Count?” and a member of the board of advisers to the Election Assistance Commission, the federal body that oversees voting technology standards, said she had been losing sleep over just this prospect.

“A DDoS attack could certainly impact these votes and make a big difference in swing states,” Dr. Simons said on Friday. “This is a strong argument for why we should not allow voters to send their voted ballots over the internet.”

This month the director of national intelligence, James Clapper, and the Department of Homeland Security accused Russia of hacking the Democratic National Committee, apparently in an effort to affect the presidential election. There has been speculation about whether President Obama has ordered the National Security Agency to conduct a retaliatory attack and the potential backlash this might cause from Russia.

Gillian M. Christensen, deputy press secretary for the Department of Homeland Security, said the agency was investigating “all potential causes” of the attack.

Vice President Joseph R. Biden Jr. said on the NBC News program “Meet the Press” this month that the United States was prepared to respond to Russia’s election attacks in kind. “We’re sending a message,” Mr. Biden said. “We have the capacity to do it.”

But technology providers in the United States could suffer blowback. As Dyn fell under recurring attacks on Friday, Mr. York, the chief strategist, said such assaults were the reason so many companies are pushing at least parts of their infrastructure to cloud computing networks, to decentralize their systems and make them harder to attack.

A version of this article appears in print on October 22, 2016, on page A1 of the New York edition with the headline: New Weapons Used in Attack on the Internet. PhotoA map of the areas experiencing problems, as of Friday afternoon, according to downdetector.com.

While the Linux flaw is not specific to Android, its potential to affect a large number of devices has grabbed plenty of attention.

Reports say that this flaw first appeared with the introduction of Linux 3.6 in 2012, according to Ars Technica, which warns that an attacker could insert malicious code or content into unencrypted TCP internet connections between two parties. Even if the connection is encrypted, an attacker may be able to terminate it, Ars Technica adds.

“If you’re running an enterprise mobility program, a number of Android devices are potentially vulnerable to a serious spying attack,” wrote Blaich, in the Lookout blog post. “CISOs [Chief Information Security Officers] should be aware that this new vulnerability affects their Linux environments, Linux-based server connections (e.g., to popular websites), in addition to Android devices.”

Blaich also urges companies to check if any of the traffic to their services, such as email, is using unencrypted communications. “If so, targeted attacks would be able to access and manipulate unencrypted sensitive information, including any corporate emails, documents, or other files,” he added.

"We have been aware of this issue and we're taking the appropriate actions," explained a spokesman for Google, in an email to FoxNews.com.

Digital Trends reports that the flaw, which will likely be remedied when the new version of Android, Android 7.0 Nougat, becomes available to the public. The final release of Android 7.0 Nougat will be available by the end of September, according to Android Authority.

The New “QuadRooter” Hack Affects Over 900 million Android Devices

Original Article: By White Cat

Right now over 900 million Android devices are affected by the new “QuadRotter” hack. If you own an Android phone, then you need to read this article and then go to the google page link below and see if your phone is at risk. If you haven't heard of this then let's quickly review what has happened. If you have questions please call us if you are unable to discern problematic issues after going to the link below and continue to have android phone issues.

"A set of 4 security flaw in the Qualcomm chipsets that powers the Android devices is vulnerable to hackers. If any one of the 4 vulnerabilities is exploited, it will allow attackers to gradually take over a user’s handset and gain root access.

Qualcomm is the world’s leading designer of LTE (Long Term Evolution) chipsets with a 65% share of the LTE modem baseband market. Hackers would simply have to trick people into downloading a malicious app to make all this possible.

The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas.

Critical Quadrooter Vulnerabilities:

CVE-2016-2503 discovered in Qualcomm’s GPU driver and fixed in Google’s Android Security Bulletin for July 2016.

CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google’s Android Security Bulletin for August 2016.

CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.

By using Check Point’s free app you can check if your smartphone or tablet is vulnerable to Quadrooter attack. However these flaws can only be fixed by installing a patch from the device’s distributors after receiving fixed driver packs from Qualcomm."

Part of having technology means you as a user must keep up with how to keep your technology current and free from hacking and compromise. As professionals iComEx will continue to help educate you our clients as to what is going on out there in the Cyber world and bring you the right information to keep your technology up to date and provide sources for the fixes put in place by leading manufacturers. If you have specific questions regarding additional technology you use for personal or business use, please call us and ask those questions you need to for peace of mind. 972-712-2100 is a call away from you knowing you have done all you can regarding a compromise in technical equipment you have purchased.